World

What happened to North Korea's Internet?

An undated handout picture released by the North Korean Central News Agency (KCNA) on April 27, 2014 shows North Korean leader Kim Jong-un looking at a computer screen along with soldiers of a long-range artillery unit at an undisclosed location.

The Internet in North Korea went completely dark for more than 9 hours on Monday — and was still experiencing intermittent outages Tuesday.

It didn't take long before rumors spread that the outage might have been a cyberattack — perhaps from the United States. On Friday, the FBI accused North Korea of being responsible for the massive and embarrassing hack, and President Obama later pledged to respond to it.

But what really happened to North Korea's Internet? If it was an attack, who did it? Here are some of the most likely scenarios.

A distributed denial of service (DDoS) attack

If it was indeed a cyberattack of some kind — though even that isn't certain — it could have been what's known as a distributed denial of service (DDoS) attack. This consists of flooding a server with more requests than it can possibly handle, a technique used in the past by hacktivists such as Anonymous to shut down websites they don't agree with.

Dan Holden, a researcher at Arbor Networks, a security firm that specializes in studying and trying to defend DDoS attacks, analyzed the outage and determined that North Korea was indeed under some sort of DDoS attack targeting government-owned and operated websites.

It's unclear the attacks were responsible for the blackout. But experts concur that given North Korea's limited Internet infrastructure, it wouldn't be hard for pretty much anyone to knock it out with a DDoS. North Korea only has one link to the global Internet, and it reportedly carries less than 3 gigabits per second.

To put that in perspective, the largest DDoS ever recorded hit Spamhaus, an anti-spam company, with a flood of 300 gigabits per second. "We're talking about a single point of failure and a pipe that is not very big," David Belson, editor of Akamai's State of the Internet Report, told Mashable.

Experts consulted by Mashable all agree that it's unlikely that the United States were behind this attack. "I'd be far more surprised if it was a government launching the attack than I would if it was a kid in a Guy Fawkes mask," Matthew Prince said.

In fact, that massive 300 gigabits attack on Spamhaus in 2013 was carried out by a British teenager. In other words, anyone could have attacked North Korea yesterday. Maybe it was some teenage jokers; maybe it was a clandestine hire of Sony Pictures; maybe it was the Sony hackers themselves.

My theory is that the Sony hackers are the ones who DoSed the DPRK, because inciting cyberwar is lulz.

North Koreans gather at Kim Il Sung Square in Pyongyang, most bowing toward portraits of their late leaders as an act of respect, to mark the third anniversary of the death of Kim Jong-Il.

Image: Jon Chol Jin, File/Associated Press

China cuts North Korea's link to the Internet

North Korea's Internet has only one link to the outside world, and that's run by the Chinese state-owned telecom giant China Unicom. If China ever wanted to cut the regime's access to the Net, it could easily do it. So perhaps, after the United States asked China to rein in North Korea's hackers, China thought this would be the best way to rein in the nation.

While that's possible, experts are skeptical — because before the Internet went completely offline, Internet monitoring companies detected several partial outages. There have also been another two short outages after North Korea came back online.

Internet North Korea stable since 07:44 UTC. 7 outages in the last 48hr, last recorded outage between 06:34 & 07:43 pic.twitter.com/Ii6EV7ttWb

If China wanted to cut North Korea off, the outage would have been sudden — not preceded by irregular hiccups, Doug Madory, the director of Internet analysis at Dyn Research, told Mashable. "This wasn't the cable got cut from China, it sure didn't look like this," he said in a phone interview. "That's something we can rule out."

In any case, only the Chinese government and China Unicom would know for sure. China Unicom didn't respond to Mashable's requests for comment.

North Korea shut down its own Internet

Another possibility is that North Korea, voluntarily, or involuntarily, shut down its own Internet.

Maybe the government detected some attacks and shut its link down as a precaution, or a technician made a mistake during a routine maintenance. Or, perhaps, this was just a "a really poorly timed router malfunction," suggests Madory.

But given the timing, according to Akamai's Belson, that's the "least likely explanation."

Mashable
is a global, multi-platform media and entertainment company. Powered by its own proprietary technology, Mashable is the go-to source for tech, digital culture and entertainment content for its dedicated and influential audience around the globe.